From 03caa63de1e34c29dd3e7e835070d363ca197bfd Mon Sep 17 00:00:00 2001 From: Andrew Cagney Date: Wed, 27 Mar 2024 10:43:19 -0400 Subject: [PATCH] ikev1: in compute_proto_keymat() only allow explicitly handled ESP algorithms --- programs/pluto/ikev1_quick.c | 41 ++++++++++++++---------------------- 1 file changed, 16 insertions(+), 25 deletions(-) diff --git a/programs/pluto/ikev1_quick.c b/programs/pluto/ikev1_quick.c index 70f29166019..0067b13b01c 100644 --- a/programs/pluto/ikev1_quick.c +++ b/programs/pluto/ikev1_quick.c @@ -203,7 +203,7 @@ static bool emit_subnet_id(enum perspective perspective, * RFC 2409 "IKE" section 5.5 * specifies how this is to be done. */ -static void compute_proto_keymat(struct state *st, +static bool compute_proto_keymat(struct state *st, uint8_t protoid, struct ipsec_proto_info *pi, const char *satypename) @@ -297,27 +297,13 @@ static void compute_proto_keymat(struct state *st, } break; - case ESP_CAST: - case ESP_TWOFISH: - case ESP_SERPENT: - /* ESP_SEED is for IKEv1 only and not supported. Its number in IKEv2 has been re-used */ - bad_case(pi->trans_attrs.ta_ikev1_encrypt); - default: - /* bytes */ - needed_len = encrypt_max_key_bit_length(pi->trans_attrs.ta_encrypt) / BITS_IN_BYTE; - if (needed_len > 0) { - /* XXX: check key_len coupling with kernel.c's */ - if (pi->trans_attrs.enckeylen) { - needed_len = - pi->trans_attrs.enckeylen - / BITS_IN_BYTE; - dbg("compute_proto_keymat: key_len=%d from peer", - (int)needed_len); - } - break; - } - bad_case(pi->trans_attrs.ta_ikev1_encrypt); + { + enum_buf eb; + llog(RC_LOG, st->logger, "rejecting request for keymat for %s", + str_enum(&esp_transformid_names, protoid, &eb)); + return false; + } } dbg("compute_proto_keymat: needed_len (after ESP enc)=%d", (int)needed_len); needed_len += pi->trans_attrs.ta_integ->integ_keymat_size; @@ -359,14 +345,17 @@ static void compute_proto_keymat(struct state *st, DBG_dump_hunk(" inbound:", pi->inbound.keymat); DBG_dump_hunk(" outbound:", pi->outbound.keymat); } + + return true; } -static void compute_keymats(struct state *st) +static bool compute_keymats(struct state *st) { if (st->st_ah.protocol == &ip_protocol_ah) - compute_proto_keymat(st, PROTO_IPSEC_AH, &st->st_ah, "AH"); + return compute_proto_keymat(st, PROTO_IPSEC_AH, &st->st_ah, "AH"); if (st->st_esp.protocol == &ip_protocol_esp) - compute_proto_keymat(st, PROTO_IPSEC_ESP, &st->st_esp, "ESP"); + return compute_proto_keymat(st, PROTO_IPSEC_ESP, &st->st_esp, "ESP"); + return false; } /* @@ -1534,7 +1523,9 @@ static stf_status quick_inI1_outR1_continue12_tail(struct state *st, struct msg_ fixup_v1_HASH(st, &hash_fixup, st->st_v1_msgid.id, rbody.cur); /* Derive new keying material */ - compute_keymats(st); + if (!compute_keymats(st)) { + return STF_FATAL; + } /* Tell the kernel to establish the new inbound SA * (unless the commit bit is set -- which we don't support).